Win 7 won't boot/BSOD, ran FRST, need FIXLIST.txt

dimepiecenerd

New Member
Thread author
Jan 22, 2014
13
My Computer Specs:
- Windows 7
- HP Pavilion dv6 Notebook PC
- Intel® Core™ i3-2310M CPU 2.10GHz
- Memory 6GB

1) After I used Defender Offline to remove Trojan Alureon virus, PC won't boot, BSOD keeps coming up

2) Ran FRST64, saved FRST.txt log (attached)

Thanks for all your help, I really hope my PC starts working again.

- dimepiecenerd from San Diego, CA
 

Attachments

  • FRST.txt
    17.2 KB · Views: 100

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
------------------------------------------------------------------------------------------------------------------------------

Try to start your computer in safe mode.


STEP 1 : Start your computer in Safe Mode with Networking
  1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
  2. Press and hold the F8 key as your computer restarts. Please keep in mind that you need to press the F8 key before the Windows start-up logo appears.
    Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the Advanced Boot Options screen.
  3. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking, and then press ENTER.
    safemode.jpg
 

dimepiecenerd

New Member
Thread author
Jan 22, 2014
13
OK, I just went to Safe Mode with networking, got "Windows Error Recovery" with options 1) Launch Startup Repair and 2) Start Windows Normally

I have tried 1) and the start up repair was unable to fix problem.
 

dimepiecenerd

New Member
Thread author
Jan 22, 2014
13
-From Startup Repair: Diagnosis and repair details
All tests came back with "Result: Completed Successfully. Error code = 0x0"

"Root cause found: Unspecified changes to system configuration might have caused the problem."

-From System Restore
Tried to restore at restore points, did not work.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Please don't do anything else... I told you to try Safe Mode with Networking only... If you are not able to do it, reply. Please don't select the steps from your end.
 

dimepiecenerd

New Member
Thread author
Jan 22, 2014
13
Hi,
I ran the Safe Mode with Networking and got the "Windows Error Recovery Page"

The startup repair details are from yesterday when I tried to diagnose the problem.

What should I do next?
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Now please download this file and save it to your Flash Drive.


Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.
 

Attachments

  • fixlist.txt
    61 bytes · Views: 102

dimepiecenerd

New Member
Thread author
Jan 22, 2014
13
It loaded! My wallpaper is gone though. How can I make sure Alureon virus is off and/or prevent the BSOD from happening again? Any scans I should run? Thanks so much!!!!!!
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Let's do some more scans to make sure your computer is 100% safe.

STEP 1 : Run a scan with Kaspersky TDSSKiller
  1. Download Kaspersky TDSSKiller from the below link.
    KASPERSKY TDSSKILLER DOWNLOAD LINK (This link will automatically download Kaspersky TDSSKiller on your computer)
  2. Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  3. Click Change parameters
    tdss2.png
  4. Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  5. Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  6. During the scan it will look similar to the image below:
    tdss4.jpg
  7. When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg

    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  8. If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
      Make sure that Cure is selected. VERY IMPORTANT! - If Cure is not available, please choose Skip instead. DO NOT choose Delete unless instructed to do so.
  9. Click Continue to apply selected actions.
  10. A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg

    Reboot immediately if TDSSKiller states that one is needed.
  11. Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_2.12.2012_14.17.04_log.txt which is based on the program version # and date and time run.
  12. Attach this log to your next reply.
 

dimepiecenerd

New Member
Thread author
Jan 22, 2014
13
Under Change Settings there are more options:
Objects to Scan
1) System Memory
2) Services and drivers
3) Boot Sectors
4) Loaded modules

Additional options
5) Verify file digital signatures
6) Detect TDLFS file system
7) Use KSN to scan objects

Do I select all of them or just the ones you recommended (numbers 2, 3, 5, 6)?
 

dimepiecenerd

New Member
Thread author
Jan 22, 2014
13
Yes, it said a moderate infection on hard drive, I believe, to "skip" it. I did... Should I do anything else? How do I remove/fix that infection?
 

dimepiecenerd

New Member
Thread author
Jan 22, 2014
13
Ran the Scan again, attached screen shot and log
 

Attachments

  • TDSS Scan Threat Detected.PNG
    48.5 KB · Views: 102
  • TDSSKiller.2.8.16.0_22.01.2014_13.29.08_log.txt
    130.6 KB · Views: 103

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Instead of Skip, select Cure and press Continue. It will reboot the computer. Let me know after that.
 

dimepiecenerd

New Member
Thread author
Jan 22, 2014
13
Only options are to "Skip" "Delete" and "Copy to Quarantine" for the threat
 

Attachments

  • Threat Detected Options.PNG
    48.8 KB · Views: 97
